>>We would like to avoid a scenario when a system administrator might 
>>accidentally change the behaviour of one of the applications running on the 
>>system by accidentally installing a new trusted certificate into a system 
>I can easily argue both ways :) In some cases, one might want
>to have *everything* in one place (btw, this is the approved
>MS way for dealing with certificates :) ). But you are also right
>that sometimes it is not the best approach. However, I am not
>buying your "...accidentally installing..." argument because
>a sysadmin can also accidentally put a new certificate in any other
>place as well :)

Ok, here is an example from the MS way (specifying which CAs to trust when 
establishing an SSL session). Internet Information Server (IIS) can be 
configured in two ways:
- by default it uses trusted certificates from the system store
- but you can also create your own certificate trust list and explicitly 
define which root certificates you trust. This enables you to have 
different trusted CAs for different Web Sites.

If you replace "IIS" with "XmlSec" and "Web Site" with "application" in the 
paragraph above, we have an argument for supporting both scenarios in 


